Advanced Network Security - Phase 4


Added on  2019/09/25

AI Summary
This report addresses key distribution issues in network security within the context of an Advanced Network Security assignment (Phase 4). It begins by outlining the challenges of traditional symmetric encryption key sharing, highlighting vulnerabilities to interception and modification during transit. The report then proposes Diffie-Hellman key exchange as a more secure alternative to the RSA algorithm used in the assignment. Detailed instructions for implementing Diffie-Hellman using OpenSSL commands are provided, demonstrating the generation of public and private keys, key exchange, and derivation of a shared secret. Finally, the report compares the pros and cons of RSA and Diffie-Hellman, noting the differing security concerns and cryptanalysis vulnerabilities, concluding that Diffie-Hellman offers stronger security and is government-approved.
Advanced Network Security - Question 1 - Phase 4
A. Created summary of individual messages and zipped into folder
B. Signed summary of individual message and zipped into folder
C. Key distribution issues: Traditionally, in symmetric encryption, either the signer
or the user of the ciphertext has to create the key and share it over some medium
with the other user, who uses it to verify the signed text. The security of the key
depends heavily on the medium through which it is shared. While the key is in
transit, it may be stolen or copied by a third party. That third party can then use
the key unethically to decrypt important ciphertext.
The suggested methods, sharing the key in an email signature or posting it to the
Moodle forum, both carry a chance of unauthenticated access by a third party. When a
public key is shared by email, an active attacker may modify the email in transit and
replace the shared public key with his own public key. Sharing on an online portal
has a similar issue, where a man-in-the-middle (MITM) attack alters the shared key.
D. Secure key distribution method:
The assignment used the RSA algorithm in two ways: asymmetric encryption to encrypt
the message and a digital signature to sign the message. Both use the same
mathematical operation. The Diffie-Hellman (DH) key exchange algorithm, on the other
hand, is more secure. With RSA, the sender generates a random symmetric key and
encrypts it with the recipient's public key. The DH method instead uses one round
trip between the sender and the receiver: the recipient of the message sends his
half, the DH public key, and the sender computes the exchange algorithm and obtains
the key. The sender encrypts the message and sends the whole to the recipient. With
all the shared information, the recipient computes the key and decrypts the message.
Generate the Diffie-Hellman global public parameters, saving them in the file dh.pem:
$ openssl genpkey -genparam -algorithm DH -out dh.pem
Each user now uses the public parameters to generate their own private and public key,
saving them in the file dhk1.pem (for user 1) and dhk2.pem (for user 2):
$ openssl genpkey -paramfile dh.pem -out dhk1.pem
$ openssl genpkey -paramfile dh.pem -out dhk2.pem
The users must exchange their public keys. First extract the public keys into the
files dhp1.pem and dhp2.pem:
$ openssl pkey -in dhk1.pem -pubout -out dhp1.pem
$ openssl pkey -in dhk2.pem -pubout -out dhp2.pem
After exchanging public keys, i.e. the files dhp1.pem and dhp2.pem, each user
can derive the shared secret. User 1 performs the following to output the secret, a
128-byte binary value, into the file message1.bin:
$ openssl pkeyutl -derive -inkey dhk1.pem -peerkey dhp2.pem -out message1.bin
User 2 does the same with his own private key and user 1's public key, writing the
secret into the file message2.bin:
$ openssl pkeyutl -derive -inkey dhk2.pem -peerkey dhp1.pem -out message2.bin
Comparing the two generated files shows that both results are the same.
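The exchange above in arithmetic form, as an added example that is not part of the original report: both users generate key pairs and derive the secret, and the derive step rejects a peer public key that is out of range or does not match a fingerprint confirmed over a second channel (the substitution risk from section C). The RFC 2409 1024-bit group is an assumption chosen to reproduce the 128-byte secret, and the function names are hypothetical.

```python
import hashlib
import secrets

# Assumption: RFC 2409 Second Oakley Group (1024-bit prime, g = 2).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
SIZE = (P.bit_length() + 7) // 8  # bytes in the prime, and so in the secret


def generate_keypair():
    """Private x and public y = G^x mod P (the per-user genpkey step)."""
    x = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
    return x, pow(G, x, P)


def fingerprint(public):
    """SHA-256 of the public value, for comparison over a second channel."""
    return hashlib.sha256(public.to_bytes(SIZE, "big")).hexdigest()


def derive(private, peer_public, expected_fp=None):
    """Shared secret peer_public^private mod P, as SIZE bytes."""
    # Values outside [2, P-2] would force a secret anyone can predict.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public key out of range")
    # A key swapped in transit fails the fingerprint its owner confirmed.
    if expected_fp is not None and fingerprint(peer_public) != expected_fp:
        raise ValueError("peer public key does not match fingerprint")
    return pow(peer_public, private, P).to_bytes(SIZE, "big")


def demo():
    # Fingerprints here stand in for values each owner confirmed out of band.
    x1, y1 = generate_keypair()  # user 1
    x2, y2 = generate_keypair()  # user 2
    s1 = derive(x1, y2, expected_fp=fingerprint(y2))
    s2 = derive(x2, y1, expected_fp=fingerprint(y1))
    return s1, s2


if __name__ == "__main__":
    s1, s2 = demo()
    print("secrets match:", s1 == s2, "- length:", len(s1), "bytes")
```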
E. Pros and cons of the suggested method:
The security of the RSA algorithm depends on the difficulty of integer
factorization. This is not the case with the DSA algorithm, which relies on the
difficulty of the discrete logarithm. The two have different issues and tackle
distinct problems. The popular algorithm for breaking them is a variant of the
general number field sieve, under which both RSA and DSA have the same asymptotic
complexity.
Viewed from a higher level, a 1024-bit DH key is quite robust under cryptanalysis
compared to a 1024-bit RSA key. Also, DH is government approved and standardized
by the institute.